/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.wicketstuff.ki.example;

import org.apache.wicket.markup.html.form.CheckBox;
import org.apache.wicket.markup.html.form.PasswordTextField;
import org.apache.wicket.markup.html.form.StatelessForm;
import org.apache.wicket.markup.html.form.TextField;
import org.apache.wicket.model.CompoundPropertyModel;
import org.apache.ki.SecurityUtils;
import org.apache.ki.authc.AuthenticationException;
import org.apache.ki.authc.IncorrectCredentialsException;
import org.apache.ki.authc.UnknownAccountException;
import org.apache.ki.authc.UsernamePasswordToken;
import org.apache.ki.subject.Subject;

/**
 * An example of a Wicket login form using Ki's API.  Adapted from the 'SignInForm' example in
 * Wicket in Action, Chapter 11 (Security your application), listings 11.2 and 11.3.
 *
 * @author Les Hazlewood
 * @since 13 Oct 2008
 */
public class SignInForm extends StatelessForm {

    private String username;
    private String password;
    private boolean rememberMe;

    public SignInForm(String id) {
        super(id);
        setModel(new CompoundPropertyModel(this));
        add(new TextField("username").setRequired(true));
        add(new PasswordTextField("password").setResetPassword(false).setRequired(true));
        add(new CheckBox("rememberMe"));
    }


    public final void onSubmit() {
        boolean successful = login(username, password, rememberMe);
        if (successful && !continueToOriginalDestination()) {
            setResponsePage(getApplication().getHomePage());
        }
    }

    private boolean login(String username, String password, boolean rememberMe) {
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password, rememberMe);
        try {
            currentUser.login(token);
            return true;
            
        //the following exceptions are just a few you can catch and handle accordingly.  See the 
        //AuthenticationException JavaDoc and its subclasses for more.
        } catch (IncorrectCredentialsException ice) {
            get("password").error("Password is incorrect.");
        } catch (UnknownAccountException uae) {
            get("username").error("There is no account with that username.");
        } catch (AuthenticationException ae) {
            get("username").error("Invalid username and/or password.");
        }
        return false;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public boolean isRememberMe() {
        return rememberMe;
    }

    public void setRememberMe(boolean rememberMe) {
        this.rememberMe = rememberMe;
    }
}
